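def dotransform(request, response, config):
    """
    The dotransform function is our transform's entry point. The request object has the following properties:
        - value:    a string containing the value of the input entity.
        - fields:   a dictionary of entity field names and their respective values of the input entity.
        - params:   any additional command-line arguments to be passed to the transform.
        - entity:   the information above is serialized into an Entity object. The entity type is determined
                    by the inputs field in @configure for local transforms. For remote transforms, the entity
                    type is determined by the information in the body of the request. Local transforms suffer
                    from one limitation: if more than one entity type is listed in the inputs field of @configure,
                    the entity type might not be resolvable. Therefore, this should not be referenced in local
                    transforms if there is more than one input entity type defined in @configure.

    The response object is a container for output entities, UI messages, and exception messages. The config object
    contains a key-value store of the configuration file.

    Behaviour of this transform:
        - Looks up the first input entity's value in RiskIQ passive DNS: a reverse (PTR) lookup when the
          value matches IP_REGEX, a forward lookup otherwise.
        - Buckets the returned records by rrtype and emits IPv4Address entities for A records, NSRecord for NS,
          MXRecord for MX, DNSName for CNAME, and IPv4Address/DNSName for any other rrtype.
        - TXT records are deliberately dropped. AAAA records are collected but not emitted (the IPv6 output
          was disabled upstream and is kept disabled here).
        - Returns `response` unchanged when the API returns nothing or no `records` key.

    Args:
        request: the transform request; only `request.entities[0].value` is read.
        response: the response container; output entities are added with `+=` and it is returned.
        config: configuration passed to `get_client`.

    Returns:
        The (possibly extended) response object.
    """
    client = get_client(config)
    prog = 10
    progress(prog)
    debug('Starting RiskIQ passive dns lookup...')
    value = request.entities[0].value
    # NOTE(review): re.match only anchors at the start of the string; unless IP_REGEX ends in `$`/`\Z`
    # a value that merely begins with an IPv4 literal is routed to the PTR lookup — confirm against IP_REGEX.
    if IP_REGEX.match(value):
        api_response = client.get_dns_ptr_by_ip(value, rrtype=None)
    else:
        api_response = client.get_dns_data_by_name(value, rrtype=None)
    if not api_response:
        progress(100)
        return response

    # One bucket per rrtype we turn into a specific entity type; everything else (including records with no
    # rrtype) lands in `other`. TXT is skipped entirely. Missing `records`/`data` keys are treated as empty
    # instead of raising KeyError on an unexpected API payload.
    buckets = {'A': set(), 'AAAA': set(), 'CNAME': set(), 'NS': set(), 'MX': set()}
    other = set()
    for dns_datum in api_response.get('records') or []:
        rrtype = dns_datum.get('rrtype')
        if rrtype == 'TXT':
            continue
        buckets.get(rrtype, other).update(dns_datum.get('data') or [])
    prog += 40
    progress(prog)

    # A records become IPv4Address entities; the raw value is used as-is, as before.
    for rec in buckets['A']:
        e = IPv4Address(rec)
        e.ip = rec
        response += e
    prog += 10
    progress(prog)

    # AAAA output stays disabled: the original IPv6Address block was neutralised by turning it into a bare
    # string literal. Re-enable deliberately (with its own +10 progress step) once IPv6 entities are wanted.

    # Name-valued records all follow the same shape: normalise with fix_dom, build the entity, set fqdn.
    # Order (NS, MX, CNAME) and the per-type progress step are preserved.
    for records, entity_cls in ((buckets['NS'], NSRecord), (buckets['MX'], MXRecord), (buckets['CNAME'], DNSName)):
        for raw in records:
            rec = fix_dom(raw)
            e = entity_cls(rec)
            e.fqdn = rec
            response += e
        prog += 10
        progress(prog)

    # Anything else is classified by shape: IPv4 literal → IPv4Address, otherwise DNSName.
    # These values come from a third-party API, so the entity type is decided by the regex, not by the
    # rrtype the API claims.
    for raw in other:
        rec = fix_dom(raw)
        if IP_REGEX.match(rec):
            e = IPv4Address(rec)
            e.ip = rec
        else:
            e = DNSName(rec)
            e.fqdn = rec
        response += e
    progress(100)
    return response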